Encryption of data at rest

Hi!

I am reading a lot of encryption of data in motion with mTLS, but I am trying to figure out if Confluent server provides support for encryption of data at rest.
Some resources indicate that this has to be done at OS-level by encrypting the disk. (https://youtu.be/nhw6J9N6UIg?t=306)

However, some resources seem to indicate that this feature exists (Manage security in Confluent Platform | Confluent Documentation)

Does Confluent Server provide this feature? or perhaps even E2E-encryption?

if not: are there any best practices regarding encryption at rest with for example LUKS?

/J

hey @jcurrent

afaik there is no feature for encryption of data at rest buil-in in confluent server.

you could encrypt the volumes where your kafka data resides (with LUKS as you mentioned)

confluent cloud data is encrypted by default

let me know if you further insights

best,
michael